This chapter describes issues associated with Oracle Directory Integration Platform. It includes the following topics:
This section describes general issues and workarounds. It includes the following topics:
If the source directory is heavily-loaded, a race condition may occur where database commits cannot keep pace with updates to the lastchangenumber. If this race condition occurs, Oracle Directory Integration Platform may not be able to synchronize some of the changes.
To work around this issue, perform the following steps to enable database commits to keep pace with the lastchangenumber:
Increase the value of the synchronization profile's Scheduling Interval.
Control the number of times the search is performed on the source directory during a synchronization cycle by setting the searchDeltaSize parameter in the profile. Oracle suggests starting with a value of 10, then adjusting the value as needed.
When a synchronization profile is initialized, the debugging log level for the Oracle Directory Integration Platform application is set to the debugging log level configured for that synchronization profile. If you have synchronization profiles configured with different debugging log levels, you may see various levels of information in the Oracle Directory Integration Platform application's logs.
To work around this issue, set the debugging log level in all synchronization profiles to the same level.
If you stop the Oracle Directory Integration Platform application during synchronization, the synchronization process that the Quartz scheduler started will continue to run.
To work around this issue, restart the Oracle WebLogic Managed Server hosting Oracle Directory Integration Platform or redeploy the Oracle Directory Integration Platform application.
syncProfileBootstrap utility, which performs the initial migration of data between a connected target directory and Oracle Internet Directory based on a synchronization profile or LDIF file, is not supported for SSL mode 2 (Server-Only Authentication).
syncProfileBootstrap utility is supported only for SSL mode 0 (No SSL) and SSL mode 1 (No Authentication).
The default value for the SearchTimeDeltaInSeconds synchronization profile configuration parameter is 3600 seconds, or one hour. This default value may be too high for certain configurations. Oracle suggests starting with a value of 60 seconds, then adjusting the value as needed.
At the time of publication of these Release Notes, the DIP Tester utility is not supported for Oracle Directory Integration Platform 11g Release 1 (11.1.1).
Monitor My Oracle Support (formerly MetaLink) for updates regarding DIP Tester support for Oracle Directory Integration Platform 11g Release 1 (11.1.1). You can access My Oracle Support at
While the DIP Tester utility is not currently supported for Oracle Directory Integration Platform 11g Release 1 (11.1.1), you can use the manageSyncProfiles command and its testProfile operation to test a disabled synchronization profile to ensure it will successfully perform synchronization. Refer to the "Managing Synchronization Profiles Using manageSyncProfiles" section in the Oracle Fusion Middleware Integration Guide for Oracle Identity Management for more information about the testProfile operation.
If the Oracle Directory Integration Platform (DIP) server is configured with Sun JDK version 1.6.0_16+ or BEA JRockit version 1.6.0_14+, you may see the following PKCS11 exceptions intermittently in the
wls_ods1.out log files under DIP server logs directory:
Exception in thread "Thread-236" java.security.ProviderException: doFinal() failed at sun.security.pkcs11.P11Cipher.implDoFinal(P11Cipher.java:720) at sun.security.pkcs11.P11Cipher.engineDoFinal(P11Cipher.java:488) Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED at sun.security.pkcs11.wrapper.PKCS11.C_DecryptFinal(Native Method) at sun.security.pkcs11.P11Cipher.implDoFinal(P11Cipher.java:713) Exception in thread "Thread-88" java.security.ProviderException: update() failed at sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:548) at sun.security.pkcs11.P11Cipher.engineUpdate(P11Cipher.java:448) Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED at sun.security.pkcs11.wrapper.PKCS11.C_EncryptUpdate(Native Method) at sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:501)
You can safely ignore these exception messages. They do not affect any functionality.
This section describes configuration issues and their workarounds. It includes the following topics:
When configuring Oracle Directory Integration Platform against an existing Oracle Internet Directory—using either the installer's Install and Configure installation option or the Oracle Identity Management 11g Release 1 (11.1.1) Configuration Wizard—you must specify the hostname for Oracle Internet Directory using only its fully qualified domain name (such as myhost.example.com). Do not use
localhost as the Oracle Internet Directory hostname even if Oracle Directory Integration Platform and Oracle Internet Directory are collocated on the same host.
If you use
localhost as the Oracle Internet Directory hostname, you will not be able to start the Oracle WebLogic Managed Server hosting Oracle Directory Integration Platform.
There are no known documentation issues at this time.